The role of the Board in cybersecurity risk management

Share on facebook
Share on linkedin
Share on twitter
Share on print
Share on email

As we rely more on digital processes, the threat of cyber attacks grows. These attacks affect our operations, finances, and reputation. It’s crucial for you, to ensure your company is well-protected. The primary board responsibilities in cybersecurity include;


Set up clear rules for managing cybersecurity. Include cybersecurity in the enterprise’s overall risk planning. Approve the cybersecurity policies and emergency plans. Ensure these are adequately communicated and implemented.


Make sure enough money is set aside for cybersecurity defenses and updates. Approve budgets that prioritize cybersecurity, and allow implementeation fo the approved cybersecurity policies, and plans.


Keep track of our compliance with laws and standards. Understand the legal consequences of cyber breaches.


Get regular updates on our cybersecurity status. Ensure we have external audits and act on their findings.

Crisis Management

Check and practice the emergency response plans. Have a clear plan for communicating about breaches.

The Common Cybersecurity Issues

The common cyber attacks businesses face that directors must anticipate and manage proactively include;

  1. Harmful software that locks access to a system until a ransom is paid.
  2. Fake attempts to get sensitive information by pretending to be a trustworthy source.
  3. Man-in-the-Middle Attacks. Interception and alteration of communications between two parties.
  4. SQL Injection. Exploitation of security weaknesses in applications to run harmful SQL statements.

Frontline cases – how to handle a phishing attack


The finance department received emails that looked like they were from a trusted vendor asking for payment. The emails had links to a payment site. Some employees clicked these links and accidentally gave access to the company’s network.


Immediate Steps

Cut off affected systems from the network to stop the breach. Change passwords and add two-factor authentication.


Look into how deep and wide the breach is.  Check logs to understand how the breach happened.


Tell everyone affected, including employees, customers, and vendors. Report to authorities as needed by law.

Recovery and Updates

Get systems back from safe backups. Put in better monitoring tools to stop future phishing.

Board Review

Look at how well we responded to the incident. Update our policies based on what we learned.

Your active role in our cybersecurity is crucial. By understanding risks, supporting key decisions, and ensuring good management, you help protect our assets and reputation from digital threats.


Test your Knowledge. Take a Quiz

Subscribe Now to our Newsletter

Subscribe for free news letter and be transformed.